<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 5.2.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"example.com","root":"/","scheme":"Pisces","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}}};
  </script>

  <meta name="description" content="有eval等函数对文本编码的影响 &#x3D;&#x3D;这是被乱码毁掉的文章，就如同题目的考点一般&#x3D;&#x3D;">
<meta property="og:type" content="article">
<meta property="og:title" content="NaNNaNNaNNaN-Batman">
<meta property="og:url" content="http://example.com/2020/09/20/CTF/web_wp/NaNNaNNaNNaN-Batman/index.html">
<meta property="og:site_name" content="ThWh&#39;s Blog">
<meta property="og:description" content="有eval等函数对文本编码的影响 &#x3D;&#x3D;这是被乱码毁掉的文章，就如同题目的考点一般&#x3D;&#x3D;">
<meta property="og:locale" content="en_US">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/sublime.png">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/visible.png">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/console.png">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/alert.png">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/sourcecode.png">
<meta property="og:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/flag.png">
<meta property="article:published_time" content="2020-09-20T08:34:08.000Z">
<meta property="article:modified_time" content="2020-09-26T15:16:03.696Z">
<meta property="article:author" content="ThWh">
<meta property="article:tag" content="Writeups">
<meta property="article:tag" content="JS审计">
<meta property="article:tag" content="Web">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="d:/Hexo/source/_posts/CTF/web_wp/NaNNaNNaNNaN-Batman/sublime.png">

<link rel="canonical" href="http://example.com/2020/09/20/CTF/web_wp/NaNNaNNaNNaN-Batman/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'en'
  };
</script>

  <title>NaNNaNNaNNaN-Batman | ThWh's Blog</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <h1 class="site-title">ThWh's Blog</h1>
      <span class="logo-line-after"><i></i></span>
    </a>
  </div>

</div>








</div>
    </header>

    


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="en">
    <link itemprop="mainEntityOfPage" href="http://example.com/2020/09/20/CTF/web_wp/NaNNaNNaNNaN-Batman/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="ThWh">
      <meta itemprop="description" content="">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="ThWh's Blog">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          NaNNaNNaNNaN-Batman
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">Posted on</span>

              <time title="Created: 2020-09-20 16:34:08" itemprop="dateCreated datePublished" datetime="2020-09-20T16:34:08+08:00">2020-09-20</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="far fa-calendar-check"></i>
                </span>
                <span class="post-meta-item-text">Edited on</span>
                <time title="Modified: 2020-09-26 23:16:03" itemprop="dateModified" datetime="2020-09-26T23:16:03+08:00">2020-09-26</time>
              </span>
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-folder"></i>
              </span>
              <span class="post-meta-item-text">In</span>
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/CTF/" itemprop="url" rel="index"><span itemprop="name">CTF</span></a>
                </span>
            </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <p><strong>有eval等函数对文本编码的影响</strong></p>
<p>==这是被乱码毁掉的文章，就如同题目的考点一般==</p>
<a id="more"></a>

<p>下载附件，打开后</p>
<figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">script</span>&gt;</span><span class="handlebars"><span class="xml">_=&#x27;function $()&#123;e=getEleById(&quot;c&quot;).value;length==16^be0f23233ace98aa$c7be9)&#123;tfls_aie&#125;na_h0lnrg&#123;e_0iit\&#x27;_ns=[t,n,r,i];for(o=0;o<span class="tag">&lt;<span class="name">13;++o)&#123;</span>	[<span class="attr">0</span>]);<span class="attr">.splice</span>(<span class="attr">0</span>,<span class="attr">1</span>)&#125;&#125;&#125;	\&#x27;&lt;<span class="attr">input</span> <span class="attr">id</span>=<span class="string">&quot;c&quot;</span>&gt;</span><span class="tag">&lt; <span class="attr">onclick</span>=<span class="string">$()</span>&gt;</span>Ok<span class="tag">&lt;/&gt;</span>\&#x27;);delete _var &quot;,&quot;docu.)match(/&quot;];/)!=null=[&quot;	write(s[o%4]buttonif(e.ment&#x27;;for(Y in $=&#x27;	&#x27;)with(_.split($[Y]))_=join(pop());eval(_)</span></span><span class="tag">&lt;/<span class="name">script</span>&gt;</span></span><br></pre></td></tr></table></figure>

<p>乱糟糟，其中还有乱码。</p>
<p><strong>方法一</strong></p>
<p>用sublime text打开</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\sublime.png" style="zoom: 50%;" />

<p>发现有大量控制字符，处理成可视格式</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\visible.png" style="zoom:50%;" />

<p>将 <code>eval(_);</code>换成 <code>console.log(_)</code>，即可<code>F12</code>后在控制台中发现js代码（这样解包后的字符串只会被打印出来，而不会被执行）</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\console.png" style="zoom: 50%;" />

<p>或将<code>eval(_);</code>换成 <code>alert(_)</code>在弹窗中查看</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\alert.png" style="zoom:50%;" />

<p><strong>方法二</strong></p>
<p>猜测是前面代码中的一些字符被<code>eval</code>计算了，所以乱码。</p>
<p>故采取上述更改函数的方法</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\sourcecode.png" style="zoom:50%;" />

<p><strong>方法一</strong></p>
<p>进行代码审计，可以得出要构造一个字符串，并且满足以下条件：</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">长度为16</span><br><span class="line">以be0f23开头</span><br><span class="line">以e98aa结尾</span><br><span class="line">包含233ac</span><br><span class="line">包含c7be9</span><br><span class="line">即 be0f233ac7be98aa</span><br></pre></td></tr></table></figure>

<p><strong>方法二</strong></p>
<p>运行下面这段js代码也能得到Flag</p>
<figure class="highlight js"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> t = [<span class="string">&quot;fl&quot;</span>, <span class="string">&quot;s_a&quot;</span>, <span class="string">&quot;i&quot;</span>, <span class="string">&quot;e&#125;&quot;</span>];</span><br><span class="line">        <span class="keyword">var</span> n = [<span class="string">&quot;a&quot;</span>, <span class="string">&quot;_h0l&quot;</span>, <span class="string">&quot;n&quot;</span>];</span><br><span class="line">        <span class="keyword">var</span> r = [<span class="string">&quot;g&#123;&quot;</span>, <span class="string">&quot;e&quot;</span>, <span class="string">&quot;_0&quot;</span>];</span><br><span class="line">        <span class="keyword">var</span> i = [<span class="string">&quot;it&#x27;&quot;</span>, <span class="string">&quot;_&quot;</span>, <span class="string">&quot;n&quot;</span>];</span><br><span class="line">        <span class="keyword">var</span> s = [t, n, r, i];</span><br><span class="line">        <span class="keyword">for</span> (<span class="keyword">var</span> o = <span class="number">0</span>; o &lt; <span class="number">13</span>; ++o) &#123;</span><br><span class="line">            <span class="built_in">document</span>.write(s[o % <span class="number">4</span>][<span class="number">0</span>]);</span><br><span class="line">            s[o % <span class="number">4</span>].splice(<span class="number">0</span>, <span class="number">1</span>)</span><br><span class="line">        &#125;</span><br><span class="line"><span class="comment">// 
不会js</span></span><br></pre></td></tr></table></figure>

<p>得到flag</p>
<img src="D:\Hexo\source\_posts\CTF\web_wp\NaNNaNNaNNaN-Batman\flag.png" style="zoom:50%;" />
    </div>

    
    
    

      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/Writeups/" rel="tag"># Writeups</a>
              <a href="/tags/JS%E5%AE%A1%E8%AE%A1/" rel="tag"># JS审计</a>
              <a href="/tags/Web/" rel="tag"># Web</a>
          </div>

        


        
      </footer>
    
  </article>
  
  
  



          </div>
          


        </div>
          
  


      </div>
    </main>

  </div>

  
  <script src="/lib/anime.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/pisces.js"></script>


<script src="/js/next-boot.js"></script>




  















  

  

</body>
</html>
